package com.wyp.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class MultiHttpSecurityConfig {

    @Bean
    public BCryptPasswordEncoder encoder() {
        return new BCryptPasswordEncoder();
    }

    @Configuration
    @Order(2)
    public class ExamineesSecurityConfig extends WebSecurityConfigurerAdapter {
        @Autowired
        private AuthenticationProvider authenticationProvider;  //注入我们自己的AuthenticationProvider

        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth.authenticationProvider(authenticationProvider);
        }

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/student/**")
                    .formLogin().loginPage("/student/student_index.html").successForwardUrl("/student/student_index.html").failureUrl("/student/student_error.html").permitAll()
                    .and().logout().logoutUrl("/student/student_logout.html").logoutSuccessUrl("/student/student_login.html").deleteCookies().invalidateHttpSession(true)
                    .and().authorizeRequests().antMatchers("/student/student_register.html","/student/student_login.html","/student/findRegisterByUsername").permitAll()
                    .anyRequest().hasAnyRole("STU")
                    .and().headers().frameOptions().disable()//关闭X-Frame-Options
                    .and()
                    .csrf().disable();

            http.sessionManagement().maximumSessions(1).expiredUrl("/student/student_login.html");
        }
    }

    @Configuration
    @Order(1)
    public class AdminsSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.antMatcher("/admin/**")
                    .formLogin().loginPage("/admin/admin_index.html").successForwardUrl("/admin/admin_index.html").failureUrl("/admin/admin_error.html").permitAll()
                    .and().logout().logoutUrl("/admin/admin_logout.html").logoutSuccessUrl("/admin/admin_login.html").deleteCookies().invalidateHttpSession(true)
                    .and().authorizeRequests().antMatchers("/admin/findUpapart","/admin/findAddapart","/admin/findRegisterUsername","/admin/findAddadminnum").permitAll()
                    .and().authorizeRequests().antMatchers("/admin/examinee_passupdate.html/{number}","/admin/examinee_passupdate.html","/admin/examinee_update.html","/admin/examinee_add.html","/admin/examinee_delete.html/{id}").hasAnyRole("Cstu")
                    .and().authorizeRequests().antMatchers("/admin/admin_delete.html/{id}","/admin/manager_update.html/{usernumber}","/admin/manager_update.html/{id}","/admin/manager_add.html").hasAnyRole("Cadmin")
                    .and().authorizeRequests().antMatchers("/admin/testpaper_add.html","/admin/testpaper_delete.html/{id}","/admin/record_delete.html/{id}",
                    "/admin/question_add.html/{type}/{apartmentid}","/admin/question_add.html","/admin/question_update.html").hasAnyRole("Ctest")
                    .and().authorizeRequests().antMatchers("/admin/testpaper_examine.html","/admin/testpaper_examineop.html/{id}","/admin/testpaper_examrefuse.html/{id}","/admin/testpaper_examreacess.html","/admin/testpaper_qureycheck.html","/admin/testpaper_qureycheck.html/{qureymessage}",
                    "/admmin/apartment_manage.html","/admin/apartment_update.html/{id}","/admin/apartment_update.html","/admin/apartment_add.html",
                    "/admin/manager_manageinfo.html","/admin/authority_manage.html/{usernumber}","/admin/authority_manage.html/{adminaccount}").hasAnyRole("SUPERADMIN")
                    .anyRequest().hasAnyRole("ADMIN")
                    .and().headers().frameOptions().disable()//关闭X-Frame-Options
                    .and().csrf().disable();

            http.sessionManagement().maximumSessions(1).expiredUrl("/admin/admin_login.html");
        }
    }

    @Configuration
    @Order(3)
    public class OthersSecurityConfig extends WebSecurityConfigurerAdapter {

        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()//启用基于 HttpServletRequest 的访问限制，开始配置哪些URL需要被保护、哪些不需要被保护
                    .antMatchers("/student/","/static/**","/common/**","/student/student_login.html","/student/student_register.html","/admin/admin_login.html").permitAll()//其他请求放行
                    .and()
                    .csrf()
                    .disable();//未登陆用户允许的请求
        }
    }

    @Configuration
    public static class DefaultWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdapter {
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.headers().frameOptions().disable();     //解决SpringSecurity不能加载iframe
            http.csrf().disable();
        }
    }
}
